1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.nio.file.Files;
11 import java.nio.file.Paths;
12 import java.nio.charset.StandardCharsets;
13 import java.util.HashMap;
16 /** Class RouterConfig is a class that configures the router
17 * in our compute node network with the relevant netfilter
19 * it uses ssh to contact the router and writes policy into it
21 * To make the implementation faster, we use "iptables-restore"
22 * that doesn't require "iptables" command to be invoked many
23 * times - each invocation of "iptables" will load the existing
24 * table from the kernel space before appending the new rule.
26 * We write the core policy repeatedly for each benchmark, while
27 * the header "*filter" and tail (a bunch of closing rules and
28 * REJECT rules) are written into a different file.
29 * They are merged and deployed for every benchmark bootstrapped
32 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
36 public final class RouterConfig {
39 * RouterConfig constants
41 private static final String STR_SSH_USERNAME_ROUTER = "root";
42 private static final String STR_SSH_USERNAME_HOST = "iotuser";
43 private static final String STR_POLICY_FILE_ALL = "_all";
44 private static final String STR_POLICY_FILE_EXT = ".policy";
47 * RouterConfig properties
49 private Map<String, PrintWriter> mapHostToFile;
50 private Map<String, PrintWriter> mapHostToMainFile;
51 private Map<String, String> mapMACtoIPAdd;
56 public RouterConfig() {
57 // This maps hostname to file PrintWriter
59 mapMACtoIPAdd = new HashMap<String, String>();
63 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
67 public void renewPrintWriter() {
69 mapHostToFile = new HashMap<String, PrintWriter>();
73 * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
77 public void renewMainPrintWriter() {
79 mapHostToMainFile = new HashMap<String, PrintWriter>();
83 * initMainPolicy() initializes the main PrintWriter object to print the entire policies
85 * @param strConfigHost String hostname to be configured
88 public void initMainPolicy(String strConfigHost) {
90 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
91 pwConfig.println("*filter"); // Print header for iptables-restore
95 * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
97 * @param strHost String hostname to be configured
100 private PrintWriter getMainPrintWriter(String strHost) {
102 String strConfigHost = strHost + STR_POLICY_FILE_ALL;
103 // Return object if existing
104 if (mapHostToMainFile.containsKey(strConfigHost)) {
105 return mapHostToMainFile.get(strConfigHost);
107 // Simply create a new one if it doesn't exist
108 FileWriter fw = null;
110 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
111 } catch (IOException ex) {
112 ex.printStackTrace();
114 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
115 mapHostToMainFile.put(strConfigHost, pwConfig);
121 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
123 * @param strConfigHost String hostname to be configured
124 * @return PrintWriter
126 private PrintWriter getPrintWriter(String strConfigHost) {
128 // Return object if existing
129 if (mapHostToFile.containsKey(strConfigHost)) {
130 return mapHostToFile.get(strConfigHost);
132 // Simply create a new one if it doesn't exist
133 FileWriter fw = null;
135 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
136 } catch (IOException ex) {
137 ex.printStackTrace();
139 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
140 //pwConfig.println("*filter"); // Print header for iptables-restore
141 mapHostToFile.put(strConfigHost, pwConfig);
147 * readFile() read the entire file and return a string
149 * @return String String that contains the content of the file
151 public String readFile(String filePath) {
153 String retStr = null;
155 retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
156 } catch (IOException ex) {
157 ex.printStackTrace();
163 * combineRouterPolicies() method combines the core router policies into the main file
165 * @param strConfigHost String hostname to be configured
168 public void combineRouterPolicies(String strConfigHost) {
170 PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
171 PrintWriter pwConfig = getPrintWriter(strConfigHost);
173 String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
174 pwConfigAll.print(strPolicyList);
178 * closeMain() closes all main PrintWriter objects
182 public void closeMain() {
184 for(PrintWriter pwConfig: mapHostToMainFile.values()) {
185 pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
191 * close() closes all PrintWriter objects
195 public void close() {
197 for(PrintWriter pwConfig: mapHostToFile.values()) {
203 * sendRouterPolicies() deploys policies on router
205 * @param strConfigHost String hostname to be configured
208 public void sendRouterPolicies(String strConfigHost) {
210 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
211 STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
212 //System.out.println(strCmdSend);
213 deployPolicies(strCmdSend);
214 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
215 " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
216 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// +
217 // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
218 //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
219 //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
220 //System.out.println(strCmdDeploy);
221 deployPolicies(strCmdDeploy);
225 * sendHostPolicies() deploys policies on host
227 * @param strConfigHost String hostname to be configured
230 public void sendHostPolicies(String strConfigHost) {
232 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
233 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
234 System.out.println(strCmdSend);
235 deployPolicies(strCmdSend);
236 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
237 " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
238 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
239 System.out.println(strCmdDeploy);
240 deployPolicies(strCmdDeploy);
244 * deployPolicies() method configures the policies
246 * @param strCommand String that contains command line
249 private void deployPolicies(String strCommand) {
252 Runtime runtime = Runtime.getRuntime();
253 Process process = runtime.exec(strCommand);
255 } catch (IOException ex) {
256 System.out.println("RouterConfig: IOException: " + ex.getMessage());
257 ex.printStackTrace();
258 } catch (InterruptedException ex) {
259 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
260 ex.printStackTrace();
265 * getAddressListObject() method returns the map from this class
267 * This method is useful for MAC policy class so that it doesn't have
268 * to query the router again
270 public Map<String, String> getAddressListObject() {
272 return mapMACtoIPAdd;
276 * getAddressList() method gets list of IP addresses
278 * This method sends an inquiry to the router to look for
279 * the list of DHCP leased addresses and their mapping to MAC
282 * @param strRouterAddress String that contains address of router
284 public void getAddressList(String strRouterAddress) {
286 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
288 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
289 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
290 " cat /tmp/dhcp.leases";
291 Runtime runtime = Runtime.getRuntime();
292 Process process = runtime.exec(cmd);
294 InputStream inStream = process.getInputStream();
295 InputStreamReader isReader = new InputStreamReader(inStream);
296 BufferedReader bReader = new BufferedReader(isReader);
297 String strRead = null;
298 while((strRead = bReader.readLine()) != null){
299 String[] str = strRead.split(" ");
300 mapMACtoIPAdd.put(str[1], str[2]);
302 } catch (IOException ex) {
303 System.out.println("RouterConfig: IOException: " + ex.getMessage());
304 ex.printStackTrace();
309 * getIPFromMACAddress() method gets IP from MAC address
311 * @return String String that contains IP address from the MAC-IP mapping
313 public String getIPFromMACAddress(String strMACAddress) {
315 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
316 if (strIPAddress == null) {
317 throw new Error("RouterConfig: MAC address " + strMACAddress + " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
323 * configureRouterMainPolicies() method configures the router
325 * This method configures the router's main policies
326 * This method creates a command line using 'ssh' and 'iptables'
327 * to access the router and create Netfilter statements
329 * @param strConfigHost String hostname to be configured
330 * @param strFirstHost String first host
331 * @param strSecondHost String second host
332 * @param strProtocol String protocol TCP/UDP
333 * @param iSrcPort Integer source port number
334 * @param iDstPort Integer destination port number
337 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
338 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
340 PrintWriter pwConfig = getPrintWriter(strConfigHost);
341 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
342 strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
343 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
344 strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
345 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
346 strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
347 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
348 strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
352 * configureRouterMainPolicies() method configures the router
354 * This method configures the router's main policies
355 * This method creates a command line using 'ssh' and 'iptables'
356 * to access the router and create Netfilter statements
358 * @param strConfigHost String hostname to be configured
359 * @param strFirstHost String first host
360 * @param strSecondHost String second host
361 * @param strProtocol String protocol TCP/UDP
362 * @param iPort Integer port number
365 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
366 String strSecondHost, String strProtocol, int iPort) {
368 PrintWriter pwConfig = getPrintWriter(strConfigHost);
369 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
370 " -p " + strProtocol + " --dport " + iPort);
371 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
372 " -p " + strProtocol + " --sport " + iPort);
373 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
374 " -p " + strProtocol + " --dport " + iPort);
375 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
376 " -p " + strProtocol + " --sport " + iPort);
380 * configureRouterMainPolicies() method configures the router
382 * This method is the same as the first configureRouterMainPolicies(),
383 * but it doesn't specify a certain port for the communication
385 * @param strConfigHost String hostname to be configured
386 * @param strFirstHost String first host
387 * @param strSecondHost String second host
388 * @param strProtocol String protocol TCP/UDP
391 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
392 String strSecondHost, String strProtocol) {
394 PrintWriter pwConfig = getPrintWriter(strConfigHost);
395 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost +
396 " -d " + strSecondHost + " -p " + strProtocol);
397 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost +
398 " -d " + strFirstHost + " -p " + strProtocol);
403 * configureRouterMainPolicies() method configures the router
405 * This method is the same as the first configureRouterMainPolicies(),
406 * but it doesn't specify a certain port and protocol for the communication
408 * @param strConfigHost String hostname to be configured
409 * @param strFirstHost String first host
410 * @param strSecondHost String second host
413 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
415 PrintWriter pwConfig = getPrintWriter(strConfigHost);
416 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
417 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
422 * configureHostMainPolicies() method configures the host
424 * This method configures the host with router's policies
426 * @param strConfigHost String hostname to be configured
427 * @param strFirstHost String first host
428 * @param strSecondHost String second host
429 * @param strProtocol String protocol TCP/UDP
430 * @param iSrcPort Integer source port number
431 * @param iDstPort Integer destination port number
434 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
435 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
437 PrintWriter pwConfig = getPrintWriter(strConfigHost);
438 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
439 " -p " + strProtocol + " --dport " + iDstPort);
440 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
441 " -p " + strProtocol + " --sport " + iSrcPort);
442 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
443 " -p " + strProtocol + " --sport " + iDstPort);
444 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
445 " -p " + strProtocol + " --dport " + iSrcPort);
446 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
447 " -p " + strProtocol + " --dport " + iDstPort);
448 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
449 " -p " + strProtocol + " --sport " + iSrcPort);
450 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
451 " -p " + strProtocol + " --sport " + iDstPort);
452 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
453 " -p " + strProtocol + " --dport " + iSrcPort);
458 * configureHostMainPolicies() method configures the host
460 * This method configures the host with router's policies
462 * @param strConfigHost String hostname to be configured
463 * @param strFirstHost String first host
464 * @param strSecondHost String second host
465 * @param strProtocol String protocol TCP/UDP
466 * @param iPort Integer port number
469 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
470 String strSecondHost, String strProtocol, int iPort) {
472 PrintWriter pwConfig = getPrintWriter(strConfigHost);
473 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
474 " -p " + strProtocol + " --dport " + iPort);
475 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
476 " -p " + strProtocol + " --sport " + iPort);
477 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
478 " -p " + strProtocol + " --dport " + iPort);
479 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
480 " -p " + strProtocol + " --sport " + iPort);
481 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
482 " -p " + strProtocol + " --dport " + iPort);
483 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
484 " -p " + strProtocol + " --sport " + iPort);
485 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
486 " -p " + strProtocol + " --dport " + iPort);
487 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
488 " -p " + strProtocol + " --sport " + iPort);
492 * configureHostMainPolicies() method configures the host
494 * This method is the same as the first configureHostMainPolicies(),
495 * but it doesn't specify a certain port for the communication
497 * @param strConfigHost String hostname to be configured
498 * @param strFirstHost String first host
499 * @param strSecondHost String second host
500 * @param strProtocol String protocol TCP/UDP
503 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
504 String strSecondHost, String strProtocol) {
506 PrintWriter pwConfig = getPrintWriter(strConfigHost);
507 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
508 " -p " + strProtocol);
509 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
510 " -p " + strProtocol);
511 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
512 " -p " + strProtocol);
513 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
514 " -p " + strProtocol);
518 * configureHostMainPolicies() method configures the host
520 * This method is the same as the first configureHostMainPolicies(),
521 * but it doesn't specify a certain port and protocol for the communication
523 * @param strConfigHost String hostname to be configured
524 * @param strFirstHost String first host
525 * @param strSecondHost String second host
528 public void configureHostMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
530 PrintWriter pwConfig = getPrintWriter(strConfigHost);
531 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
532 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
533 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
534 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
539 * configureRouterHTTPPolicies() method configures the router
541 * This method configures the router's basic policies
542 * This method creates a command line using 'ssh' and 'iptables'
543 * to access the router and create Netfilter statements
545 * @param strConfigHost String hostname to be configured
546 * @param strFirstHost String first host address (source)
547 * @param strSecondHost String second host address (destination)
550 public void configureRouterHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
552 PrintWriter pwConfig = getPrintWriter(strConfigHost);
554 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
555 " -p tcp --dport http");
556 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
557 " -p tcp --sport http");
558 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
559 " -p tcp --dport http");
560 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
561 " -p tcp --sport http");
563 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
564 " -p tcp --dport https");
565 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
566 " -p tcp --sport https");
567 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
568 " -p tcp --dport https");
569 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
570 " -p tcp --sport https");
576 * configureRouterICMPPolicies() method configures the router
578 * This method configures the router's basic policies
579 * This method creates a command line using 'ssh' and 'iptables'
580 * to access the router and create Netfilter statements
582 * @param strConfigHost String hostname to be configured
585 public void configureRouterICMPPolicies(String strConfigHost) {
587 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
589 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
590 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
591 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
595 * configureRouterICMPPolicies() method configures the router
597 * This method configures the router's basic policies
598 * This method creates a command line using 'ssh' and 'iptables'
599 * to access the router and create Netfilter statements
601 * @param strConfigHost String hostname to be configured
602 * @param strMonitorHost String monitor address
605 public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
607 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
609 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
610 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
611 " -d " + strConfigHost + " -p icmp");
612 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
613 " -d " + strMonitorHost + " -p icmp");
614 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
615 " -d " + strConfigHost + " -p icmp");
616 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
617 " -d " + strMonitorHost + " -p icmp");
621 * configureRouterSSHPolicies() method configures the router
623 * This method configures the router's basic policies
624 * This method creates a command line using 'ssh' and 'iptables'
625 * to access the router and create Netfilter statements
627 * @param strConfigHost String hostname to be configured
628 * @param strMonitorHost String monitor address
631 public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
633 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
634 // Allow SSH - port 22 (only from monitor host)
635 pwConfig.println("-A INPUT -j ACCEPT -s " +
636 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
637 pwConfig.println("-A INPUT -j ACCEPT -s " +
638 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
639 pwConfig.println("-A INPUT -j ACCEPT -s " +
640 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
641 pwConfig.println("-A INPUT -j ACCEPT -s " +
642 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
643 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
644 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
645 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
646 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
647 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
648 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
649 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
650 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
651 //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
652 //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
657 * configureRouterDHCPPolicies() method configures the router
659 * This method configures the router's basic policies
660 * This method creates a command line using 'ssh' and 'iptables'
661 * to access the router and create Netfilter statements
663 * @param strConfigHost String hostname to be configured
666 public void configureRouterDHCPPolicies(String strConfigHost) {
668 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
669 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
670 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
671 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
672 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
673 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
677 * configureRouterDNSPolicies() method configures the router
679 * This method configures the router's basic policies
680 * This method creates a command line using 'ssh' and 'iptables'
681 * to access the router and create Netfilter statements
683 * @param strConfigHost String hostname to be configured
686 public void configureRouterDNSPolicies(String strConfigHost) {
688 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
689 // Allow DNS UDP and TCP port 53
690 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
691 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
692 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
693 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
694 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
695 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
696 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
697 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
701 * configureRejectPolicies() method configures the router
703 * This method configures the router's basic policies
704 * This method creates a command line using 'ssh' and 'iptables'
705 * to access the router and create Netfilter statements
707 * @param strConfigHost String hostname to be configured
710 public void configureRejectPolicies(String strConfigHost) {
712 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
713 // Reject every other thing
714 pwConfig.println("-A FORWARD -j REJECT");
715 pwConfig.println("-A INPUT -j REJECT");
716 pwConfig.println("-A OUTPUT -j REJECT");
720 * configureRouterNATPolicy() method configures the router
722 * This method configures the NAT policy separately.
723 * Somehow SSH in Java is not able to combine other commands for
724 * iptables rules configuration and NAT configuration.
726 * @param strConfigHost String hostname to be configured
729 public void configureRouterNATPolicy(String strConfigHost) {
731 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
733 pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
734 // Add the following 2 lines
735 pwConfig.println("-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
736 pwConfig.println("-A FORWARD -i wlan0 -o eth0 -j ACCEPT");
740 * configureHostHTTPPolicies() method configures the host
742 * This method configures the host with HTTP policies
744 * @param strConfigHost String hostname to be configured
745 * @param strFirstHost String first host address (source)
746 * @param strSecondHost String second host address (destination)
749 public void configureHostHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
751 PrintWriter pwConfig = getPrintWriter(strConfigHost);
753 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
754 " -p tcp --dport http");
755 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
756 " -p tcp --sport http");
757 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
758 " -p tcp --dport http");
759 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
760 " -p tcp --sport http");
761 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
762 " -p tcp --dport http");
763 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
764 " -p tcp --sport http");
765 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
766 " -p tcp --dport http");
767 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
768 " -p tcp --sport http");
770 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
771 " -p tcp --dport https");
772 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
773 " -p tcp --sport https");
774 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
775 " -p tcp --dport https");
776 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
777 " -p tcp --sport https");
778 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
779 " -p tcp --dport https");
780 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
781 " -p tcp --sport https");
782 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
783 " -p tcp --dport https");
784 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
785 " -p tcp --sport https");
789 * configureHostICMPPolicies() method configures the host
791 * This method configures the host with router's policies
793 * @param strConfigHost String hostname to be configured
796 public void configureHostICMPPolicies(String strConfigHost) {
798 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
800 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
801 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
805 * configureHostSQLPolicies() method configures the host
807 * This method configures the host with router's policies
809 * @param strConfigHost String hostname to be configured
812 public void configureHostSQLPolicies(String strConfigHost) {
814 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
816 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
817 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
818 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport mysql");
819 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport mysql");
823 * configureHostICMPPolicies() method configures the host
825 * This method configures the host with router's policies
827 * @param strConfigHost String hostname to be configured
828 * @param strMonitorHost String monitor address
831 public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
833 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
835 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
836 " -d " + strConfigHost + " -p icmp");
837 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
838 " -d " + strMonitorHost + " -p icmp");
839 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
840 " -d " + strConfigHost + " -p icmp");
841 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
842 " -d " + strMonitorHost + " -p icmp");
847 * configureHostSSHPolicies() method configures the host
849 * This method configures the host with router's policies
851 * @param strConfigHost String hostname to be configured
854 public void configureHostSSHPolicies(String strConfigHost) {
856 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
857 // Allow SSH - port 22
858 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
859 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
860 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport ssh");
861 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport ssh");
862 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
863 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
868 * configureHostSSHPolicies() method configures the host
870 * This method configures the host with router's policies
872 * @param strConfigHost String hostname to be configured
873 * @param strMonitorHost String monitor address
876 public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
878 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
879 // Allow SSH - port 22
880 pwConfig.println("-A INPUT -j ACCEPT -s " +
881 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
882 pwConfig.println("-A INPUT -j ACCEPT -s " +
883 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
884 pwConfig.println("-A INPUT -j ACCEPT -s " +
885 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
886 pwConfig.println("-A INPUT -j ACCEPT -s " +
887 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
888 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
889 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
890 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
891 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
892 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
893 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
894 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
895 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
900 * configureHostDHCPPolicies() method configures the host
902 * This method configures the host with router's policies
904 * @param strConfigHost String hostname to be configured
907 public void configureHostDHCPPolicies(String strConfigHost) {
909 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
910 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
911 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
912 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
913 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
914 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
919 * configureHostDNSPolicies() method configures the host
921 * This method configures the host with router's policies
923 * @param strConfigHost String hostname to be configured
926 public void configureHostDNSPolicies(String strConfigHost) {
928 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
929 // Allow DNS UDP and TCP port 53
930 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
931 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
932 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
933 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
934 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
935 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
936 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
937 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");